Pwnie Award Nominations for 2019 (pwnies.com)
67 points by tptacek 78 days ago | 21 comments

> Dragonfly is the invention of a guy named Dan Harkins. Dan Harkins took it upon himself to retrofit elliptic curves onto first-generation multiplicative-group PAKEs like SRP. We’re losing you here but bear with me: there were PAKE protocols that used the same simple math as Diffie Hellman, and Dan Harkins tried to design one that used ECC. Anyways, when Harkins tried to get his new PAKE included in TLS, Trevor Perrin broke it in a mailing list post. The story goes on and involves the NSA and a bunch of intrigue and is worth looking into. Oh how we laughed.

> And then WPA3 was released and, oh look, there’s Harkins’ Dragonfly protocol, right there in our wireless handshakes.

> It’s pretty clear to us that the WiFi standards groups triggered some ancient mummy curse, because the WiFi standards by themselves are a master class in everything that can go wrong with a crypto protocol. And, as Vanhoef and Ronen show, WPA3 is by itself a lesson in everything that can go wrong with a single handshake: invalid curve attacks! Protocol downgrade attacks! Timing attacks! They’ll teach this one in schools, unless the WiFi people come up with WPA4 or something, which will surely be even worse.

This can’t be real.

Are the WiFi standards groups really as incompetent as this page makes them out to be? These are the standards that everybody uses, right?

> unless the WiFi people come up with WPA4 or something, which will surely be even worse.

This seems especially unwarranted, since WPA3 is not, as you might assume from this, worse than WPA2, and the paper is explicit about that.

Indeed two of their attacks are trying to _degrade_ you to WPA2, which would be a terrible idea if WPA3 was weaker.

The paper shows that if you do WPA3 badly, you are vulnerable to a bunch of nasty attacks, and doing it well is resource intensive (which may make it hard to justify in cheap / low-power WiFi implementations). That's a good criticism of WPA3, but it isn't a reason WPA2 was better since that extra resource is needed to deliver a feature WPA3 didn't have at all (Forward Secrecy).

Any further background on how Dragonfly ended up in WPA3 despite all its problems?

It was in the WiFi standards before it was anywhere else, and before it was seriously critiqued. This is how crypto standards bodies work, and why some people are really jaded about crypto standardization.

They have a kind of impossible task: to create an encryption standard that will resist attacks carried by supercomputers but will work on as cheap a piece of hardware as possible... and let's make it backwards compatible too.

At some point they have to compromise, and security suffers.

Isn't "create an encryption standard that will resist attacks by supercomputers but will work on as cheap a piece of hardware as possible" the aim of pretty much every encryption standard ever?

I don't deny it's a big challenge - but it's hardly a unique one.

I really would hope any sane encryption standard aims to satisfy this requirement. Otherwise why have encryption? Supercomputers are at any Tom, Dick and Harry's beck and call these days for a paltry fee.

This is a pretty good snapshot of what happened in the fields of vulnerability research and exploit development over the last year, and is actually more useful than the page announcing the winners (which goes up late next week) since the non-winning nominations are also super interesting.

Very interesting stuff

FYI the calendar link in July 28 should probably be a href="/nominations" instead of "nominations". Clicking it from outside the home page brings you to a 404.


You've got some parseltongue in there as well, from a bad "It's" fix - "Itss SSL VPN "

That may have been deliberate. I'll check.

I see how it is. Very well. In


"all but disavows it’s existence"

should be "itss exisstence"

LVH wrote that, and he's definitely not a Slytherin.

> Super Micro - The big hack

I would be very surprised if that didn't win in the "most over-hyped" category. None of the other nominees even come close to the amount of FUD that Bloomberg story raised.

The vulnerability descriptions in the awards page are some of the best security writing I have ever read.

“Johnny, You’re Fired” is fun but it has no impact and doesn't really do anything interesting cryptographically so it should not win.

The unpleasant truth is that you're faking something that users weren't even looking at. The _only_ way either S/MIME or PGP email could have made any dent whatsoever outside of a narrow crypto nerd fanbase is if the default behaviour for every message that doesn't verify was that it is discarded unread. And that was never realistically going to happen.

Why are so many of the links self-links?

How can Thangrycat be nominated for the most overhyped and underhyped bug at the same time? These awards are a joke.

Because nominations are open and anyone can nominate. Some people thought it was underhyped, others that it was overhyped. It's the judging that's closed. I doubt very much that it will win in both categories.
